Our website uses cookies to improve your user experience. If you continue browsing, we assume that you consent to our use of cookies. More information can be found in our Cookies Policy and Privacy Policy.

FSA says that digital photocopiers pose security risk

The FSA has warned that digital photocopiers pose a data security risk if financial services firms fail to properly erase stored information when the machines are replaced.

In its latest financial crime newsletter, the FSA says since 2002, most digital photocopiers have been fitted with a hard disk that saves the details of documents and information that has been put through the machine.

The regulator says that as inf-ormation could include clients’ personal details, it is essential that the data is erased when photocopiers are replaced.

In April 2008, the FSA published a report on data security in financial services which outlines best practice procedures for the disposal of hardware.

The FSA warns: “Firms need to include digital photocopiers in the devices which require concern when disposing of hardware. Getting data protection wrong can bring commercial, reputational, regulatory and legal penalties.”

Paladin Financial Services managing director Tim Purdon says : “I did not know there were hard disks inside photocopiers and I think many IFAs may also be unaware of this.

“This is a timely warning for us all. I would encourage IFAs to check their equipment and make sure that if their machine has a hard disk, it is erased properly.”

Newsletter

Latest from Money Marketing

The Competition and Markets Authority has criticised insurers over “stealth price rises” and costly exit fees for loyal customers. The watchdog looked into areas including cash savings, mortgages and home insurance after charity Citizens Advice raised a so-called “super complaint” over how longstanding customers are treated by financial services organisations. The CMA has recognised that […]

Banking lobbyists have warned that UK banks currently face higher tax rates than international counterparts, and that these could hasten banks’ departures if they remain after Brexit. Reuters reports that research commissioned by UK Finance and carried out by consultancy PwC shows London banks face an effective tax rate on profits of 50.6 percent, above […]

Barclays has been fined $15m (£11.9m) by US regulators after attempts were made to unmask a whistleblower by chief executive Jes Staley. In 2016, a Barclays employee sent two letters regarding concerns over the chief executive’s decision to hire a former colleague to work at the bank. The whistleblower posed questions both over the experience […]

19th December 20188:33 am

Comments

There are 20 comments at the moment, we would love to hear your opinion too.

One could argue that any prudent “man of business” ought to be aware of where client or indeed his own personal data is stored.

I love to kick the FSA as well as the next man (and that is a lot) but maybe they expected IFA’s to understand what and how their kit behaved, and in fairness to them on this occassion I don’t think that is an unreasonable expectation…

We have a Kyocera 1620 digital photocopier (and an excellent machine it is too).

We checked with our service agents who supplied and maintain it for us and they tell us that it definitely does not incorporate a hard disk drive. Apparently, only the very largest machines include them. Most do not.

Perhaps it might have been more appropriate for the FSA to have issued a more carefully considered (ha!) warning to the effect that some but by no means all digital photocopiers contain hard disk drives and that firms are advised to ensure that as and when the machine is disposed of, this is removed in the interests of data security.

As always, there is a good way of doing something and, regrettably, what may in the fullness of time, come to be known as the FSA way.

“The FSA have today announced that crossing the road is not safe due to the number of big cars which could run you down. A new regulation now requires everyone to wait for an FSA official to hold their hand when crossing”

A Director of AMI who is also a member of the RAC said ” As usual I would not wish to upset anyone at the FSA therefore We fully endorse and understand the risk posed in crossing the road and will be advising our members accordingly”

I am sure that this directive or advisory (must be compliant) follows an email that was doing the rounds about this very subject. This is a real problem that exists not just for IFA’s but every single company including the Police who use digital photocopiers. When I saw the email i immediately sent a copy to my compliance officer becasue it scared the living daylights out of me, not just about my IFA work, but also if i stay in a hotel and my passport is copied for security reasons. This problem is universal and includes the FSA building and offices itself. Rather than just sending out the adviosry or notification, it woul dhave actually been useful if the FSA had published how they have dealt with this problem. I am absolutely sure that they onluy realised following the expose on the American documentary that hit cyberspace. My advice to anyone is make sure that if someone is copying your personal data onto a photocopier that you ensure it is erased from the hard drive. How you do that I havent a clue!!!

Our photocopier will only save an image to the hard drive if that option is selected by the user… (as against sending the image to a computer or memory stick) .. so like you have to consciously be aware that’s what you are doing…

…..and according to all those forensic bods on the telly, the only way to totally remove data from a hard drive is with a pick axe…. way to go!

(I hope the photocopier companies have all the necessary licences from the ICO…)

We all including me, do a lot of FSA bashing on this web site – but having seem the CBS news report about this the FSA are 100% right to bring this to our attention. The shame is that they didnt discuss it terms of what they are or have done because this is an issue that affects everysingle company who uses modern digital photocopiers. The problem is when the machine is sold as the expose on CBS news clearly demonstrated.

This issue has been around for a while and firms need to consider the impact carefully – there is more to this than just disposal as I have pointed out to my clients.

Whilst disposal is an issue you also have to consider servicing. Whenever an engineer (or anyone else) has unrestricted access to your machine they have the ability to access the data or indeed potentially swap the hard drive.

The security of your machine (eg at night when the cleaners are in) is just as important as the access to your PC. If you wouldn’t leave your PC open to use by all and sundry you need to consider the same issue for your photocopier.

You need to think about all the risks to your business and data not just the obvious ones.

ET (1747 15 Jul 10) displays spectacular ignorance as to how his technology works. There’ll be a copy on that drive till it’s overwritten – which could be at any time in the future or perhaps even never.

It’s a pity that Nanny FSA can’t excercise the same diligence in doing its main job properly. i.e. protect the consumer from things like the banking crisis, Equitable Life, Independent Insurance (and the wider issue of insurers buying the market at a substantial loss), home revesion schemes etc. etc.

I don’t know why the FSA is getting so exercised by this issue. We fax clients ID, proof of residence, bank statements, savings accounts to banks in Glasgow. There seems to be a black hole up there as half of them go missing anyway!

Compliane Man – I understand your comments re service engineers. Ultimately once you have carried out your due diligence, you have to turst somebody. The alternative is to do EVERYTHING yourself.
The point is to limit access and to have a clear trail of those who potentially could have acccessed information. You cannot stop those you trust (after doing your due diligence) from acting incorrectly, but what you can do is make sure if one of the limited number of people does so, you can identify who was breached your security.

The original question was a valid point …. I did however check with our photocopier suppliers and then went off and had a look at the Photocopier.. yep Hard Disk it has.. anything on it… no.. well nothing IFA wise.. a couple of original invoices to the Photocopier peeps…… If its got the 30GB* of scans I have put through it, they must be hiding elsewhere..

With your experten knowledge can you please tell me where these ‘copies’ are…….as if I ever need a data back up…. 🙂 Thanks

Leave a comment

Why register with Money Marketing ?

Providing trusted insight for professional advisers. Since 1985 Money Marketing has helped promote and analyse the financial adviser community in the UK and continues to be the trusted industry brand for independent insight and advice.